A newly identified advanced persistent threat (APT) campaign, dubbed “Swan Vector” by Seqrite Labs, has been targeting educational institutions and mechanical engineering industries in East Asian nations, particularly Taiwan and Japan. Discovered in April 2025, this campaign leverages intricate social…
Category: EN
Hitachi Energy Service Suite
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: Service Suite Vulnerabilities: Use of Less Trusted Source, Inconsistent Interpretation of HTTP Requests (‘HTTP Request/Response Smuggling’), Integer Overflow or Wraparound, Out-of-bounds Write, Allocation…
Hitachi Energy MACH GWS Products
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.4 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: MACH GWS products Vulnerabilities: Improper Neutralization of Special Elements in Data Query Logic, Improper Limitation of a Pathname to a Restricted Directory, Authentication…
Hitachi Energy Relion 670/650/SAM600-IO Series
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.1 ATTENTION: Low attack complexity Vendor: Hitachi Energy Equipment: Relion 670/650/SAM600-IO Series Vulnerability: Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’) 2. RISK EVALUATION Successful exploitation of this vulnerability can allow…
ABB Automation Builder
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION: Low attack complexity Vendor: ABB Equipment: Automation Builder Vulnerabilities: Incorrect Permission Assignment for Critical Resource 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to overrule the Automation…
In The New Era of Cybersecurity, Here’s What’s Driving Long-Term Resilience
Learn more about what approach organizations should take in the face of a new era of cybercrime. This article has been indexed from Fortinet Industry Trends Blog Read the original article: In The New Era of Cybersecurity, Here’s What’s…
Ivanti Releases Critical Security Update for EPMM After Limited Exploits Discovered
Ivanti has issued an important security advisory addressing vulnerabilities in open-source libraries used in its Endpoint Manager Mobile (EPMM) solution. The company announced today that a small number of customers have already experienced exploitation of these vulnerabilities, prompting immediate action…
FortiOS Authentication Bypass Vulnerability Lets Attackers Take Full Control of Device
Fortinet has disclosed a significant security vulnerability affecting multiple Fortinet products, allowing attackers to bypass authentication and gain administrative access to affected systems. The vulnerability, CVE-2025-22252 (Missing Authentication for Critical Function), affects FortiOS, FortiProxy, and FortiSwitchManager products configured to use…
Cyber War Escalates Between Indian and Pakistani Hacktivists After Pahalgam Attack
kAs tensions continue to rise in the wake of the Pahalgam terror attack and India’s subsequent launch of Operation Sindoor, a fierce cyber confrontation has simultaneously unfolded in the digital realm. Hacktivist groups aligned with both India and Pakistan…
Linux Servers Under Attack: Hidden Malware Found in Fake Go Packages
Cybersecurity experts have discovered a new attack that targets Linux systems using fake programming tools. These harmful tools were shared on GitHub, a popular website where developers post and download code. Inside these fake packages was dangerous malware designed…
Worldcoin in Crisis: Indonesia & Kenya Take Action on the Biometric Crypto Project
Worldcoin, the cryptocurrency firm backed by Sam Altman, is experiencing serious legal challenges on multiple fronts. On May 5, 2025, the Kenyan High Court ruled that Worldcoin violated Data Protection Act 2019 restrictions. According to Justice Aburili Roselyn, the…
NordVPN Introduces £5,000 ID Theft Recovery Coverage for UK Users on Ultimate Plan
NordVPN has launched a new identity theft recovery benefit for its UK subscribers, offering up to £5,000 in reimbursement to help users recover from the financial and emotional toll of identity fraud. This latest addition to its cybersecurity toolkit…
50,000 WordPress Sites Affected by PHP Object Injection Vulnerability in Uncanny Automator WordPress Plugin
On April 26th, 2024, we received a submission for an authenticated PHP Object Injection vulnerability in Uncanny Automator, a WordPress plugin with more than 50,000 active installations. This vulnerability can be leveraged via an existing POP chain present in the…
Government email alert system GovDelivery used to send scam messages
The state of Indiana attributed the scam emails to a compromised contractor’s account. This article has been indexed from Security News | TechCrunch Read the original article: Government email alert system GovDelivery used to send scam messages
Swan Vector APT Hackers Attacking Organizations With Malicious LNK & DLL Implants
A sophisticated cyber espionage campaign dubbed “Swan Vector” has emerged targeting organizations across East Asia, particularly in Taiwan and Japan. The threat actors behind this operation have deployed a multi-stage attack chain utilizing malicious LNK shortcuts and custom DLL implants…
5 Ways Threat Intelligence Helps Against Phishing Attacks
Phishing remains a pervasive cybersecurity threat responsible for over 80% of security incidents, costing businesses billions annually and eroding trust. Threat intelligence real-time, actionable data on cyber threats, actors, and tactics —empowers organizations to stay ahead of these risks. Tools…
Marks & Spencer Confirmed Customer Data Theft in Recent Cyber Attack
British retail giant Marks & Spencer has confirmed that customer personal information was compromised in the recent cyber attack that has crippled its digital operations for over three weeks. The incident, which began during Easter weekend, has resulted in continued…
Researchers Proposed Mythic Framework Agent to Boost Pentesting Tool Performances
Cybersecurity professionals constantly seek more effective penetration testing tools to stay ahead of threat actors and properly assess organizational defenses. A recent innovation in this field comes from security researchers who have developed a specialized agent for the Mythic framework…
Malicious PyPI Package Posing as Solana Tool Stole Source Code in 761 Downloads
Cybersecurity researchers have discovered a malicious package on the Python Package Index (PyPI) repository that purports to be an application related to the Solana blockchain, but contains malicious functionality to steal source code and developer secrets. The package, named solana-token,…
China-Linked APTs Exploit SAP CVE-2025-31324 to Breach 581 Critical Systems Worldwide
A recently disclosed critical security flaw impacting SAP NetWeaver is being exploited by multiple China-nexus nation-state actors to target critical infrastructure networks. “Actors leveraged CVE-2025-31324, an unauthenticated file upload vulnerability that enables remote code execution (RCE),” EclecticIQ researcher Arda Büyükkaya…